01 December 2012

How robust is your organizations "Information Operations" capabilities? The degree to which the threat to your institution escalates in a war of words is going to be in direct proportion to your ability to monitor and counter the "Powerbase" within your information-centric community.

Operational Risk within the institution, the city or the country is a factor of the likelihood of a particular threat and the ability to deter, detect, defend and document the threat. However, the overt abilities to sensor, block or suppress your particular community from communicating freely, will be difficult if not impossible. Or will it?

Syria’s civil war went off­line Thursday as millions of people tracking the conflict over YouTube, Facebook and other high-tech services found themselves struggling against an unnerving national shutdown of the Internet.

The communications shutdown immediately evoked memories of similar action by Libya’s Moammar Gaddafi and Egypt’s Hosni Mubarak, and it sparked fears that President Bashar al-Assad could be preparing to take even harsher action against Syrian opposition forces, which have recently made significant advances in the battle against the government.
A Syrian official blamed the outages on technical problems. Analysts said it was far more likely that Assad had ordered the Internet and some cellphone connections switched off, although it was possible that a rebel attack had severed crucial cables.

Whatever the cause of the blackout, it was clear that the remarkable window into the war offered by technology had dramatically narrowed for Syrians on both sides of the conflict and the many outsiders following the story. Observers said it signaled the beginning of a dangerous new phase after 20 months of escalating conflict.

Nations states have for years been subjected to the technology innovation of proxy servers and other methods for obtaining blocked Internet content. The human element of the insatiable pursuit of information will continuously provide for the innovation to obtain that information that has been withheld from the community. Whether that community is a corporation or a country, the employees or the citizens will find a way to gain the access and obtain the information they seek.

“...our intelligence apparatus still finds itself unable to answer fundamental questions about the environment in which we operate and the people we are trying to protect and persuade.” Lt. Gen. Michael T. Flynn, U.S. Army

The ability to utilize ubiquitous devices such as camera enabled wireless smart phones has changed the landscape for "Information Operations" within your company and your local community. Operational Risk professionals are keenly aware of the requirements to monitor and detect the use of roque communications devices in the workplace including unauthorized broadband hot spots (simple and effective). Yet the state of business and politics precludes these individuals from truly understanding what their real role should be in this fight for zero's and one's. The fight is not about learning who has unauthorized access, it is about understanding human behavior and the powerbases within a particular community.

Even the use of more sophisticated wireless mesh networks has been pervasive for years within the context of the USIC and where U.S. defense forces need to operate in areas with little or no telecommunications infrastructure. The questions begs then to what degree are these same kinds of capabilities being utilized within the context of industrial espionage and foreign intelligence services within the skyscrapers of downtown Washington, DC, Chicago, New York or Los Angeles?

Having a better understanding of the powerbase of each actor, the number and types of dimensions of that power, which elements of the powerbase are inherent or inferred, and whether it is growing or shrinking through cooperation or conflict, are all essential elements of information in stability operations and prerequisites for effective influence operations. Understanding Local Actor Bases of Power - Col. Patrick D. Allen, USA (Ret.)

So how easy or difficult would it be to set up a relatively effective mesh network? Look to one of the leaders in the technology itself for guidance:

If the City of Chicago or the country of Singapore can utilize these capabilities to create their own information networks for voice, video and data applications then so too could any private enterprise with the right funding and the people to operate these systems.

Your organizations "Information Operations" capabilities go far beyond the IT department and their ability to sweep for rogue "Wi-Fi Hotspots" in the workplace. It could mean the difference between the safety and security of your municipality or the entire academic campus. In either case, the powerbase of information will still have to be analyzed and understood. Without this powerbase insight your organizational "Operational Risks" will remain unknown and your ability to mitigate these risks unknowable.

About

Operational Risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. The definition includes legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes exposure to litigation from all aspects of an institutions activities.

"The Only Thing Necessary For Evil To Triumph Is For Good Men To Do Nothing." --E. Burke